Session Fixation Affecting org.apache.axis2:axis2 package, versions [,1.7.4)
25 Dec 2017
13 Jan 2010
Introduced: 13 Jan 2010
CWE-384
How to fix?
Upgrade org.apache.axis2:axis2 to version 1.7.4 or higher.
org.apache.axis2:axis2 is a Web Services / SOAP / WSDL engine, the successor to the widely used Apache Axis SOAP stack.
Affected versions of this package are vulnerable to Session Fixation in the administrative interface at the path /axis2/axis2-admin. An attacker can exploit this flaw through a Cross-Site Scripting (XSS) attack to obtain the session cookie and perform a session hijacking attack.
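
To check a Maven build against the affected range [,1.7.4) given above, the following Python code scans a POM for org.apache.axis2:axis2 and reports versions below 1.7.4. It is an added example, not part of the original advisory or of Axis2; the sample POM and the function names `is_affected` and `find_affected` are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

GROUP, ARTIFACT = "org.apache.axis2", "axis2"
FIXED = (1, 7, 4)  # first fixed version; the advisory's affected range is [,1.7.4)

# Constructed sample POM (not taken from any real project).
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties><axis2.version>1.6.2</axis2.version></properties>
  <dependencies>
    <dependency>
      <groupId>org.apache.axis2</groupId>
      <artifactId>axis2</artifactId>
      <version>${axis2.version}</version>
    </dependency>
    <dependency>
      <groupId>org.apache.axis2</groupId>
      <artifactId>axis2-kernel</artifactId>
      <version>1.7.9</version>
    </dependency>
  </dependencies>
</project>"""

def is_affected(version_text):
    """True if the version falls in [,1.7.4) or cannot be decided."""
    m = re.match(r"(\d+(?:\.\d+)*)(.*)", version_text.strip())
    if not m:
        return True  # unresolved property or missing version: review by hand
    parts = [int(p) for p in m.group(1).split(".")]
    v = tuple(parts + [0] * (3 - len(parts)))
    # A qualifier on 1.7.4 itself (e.g. -SNAPSHOT) is treated as pre-release.
    return v < FIXED or (v == FIXED and m.group(2) != "")

def find_affected(pom_xml):
    """Return resolved versions of org.apache.axis2:axis2 that are affected."""
    # ElementTree does not limit entity expansion; parse only POMs you trust.
    root = ET.fromstring(pom_xml)
    ns = root.tag[: root.tag.index("}") + 1] if root.tag.startswith("{") else ""
    props = {p.tag[len(ns):]: (p.text or "") for p in root.findall(f"{ns}properties/*")}
    hits = []
    for dep in root.iter(f"{ns}dependency"):
        coords = (dep.findtext(f"{ns}groupId"), dep.findtext(f"{ns}artifactId"))
        if coords != (GROUP, ARTIFACT):
            continue
        raw = (dep.findtext(f"{ns}version") or "").strip()
        resolved = re.sub(r"\$\{([^}]+)\}", lambda m: props.get(m.group(1), m.group(0)), raw)
        if is_affected(resolved):
            hits.append(resolved or "unresolved")
    return hits
```

Versions inherited from a parent POM or set through dependencyManagement in another file are reported as unresolved and need a manual check.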